Accessing a website that is in a dmz

Status
Not open for further replies.

martynherderson

Programmer
Jul 8, 2002
1
0
0
GB
I have an Apache web server in a DMZ outside our LAN. It is accessible from the outside world via a domain name that is registered to that IP address. The problem is that I cannot access it from inside our LAN. When I type the domain name in a browser address our DNS cannot resolve the IP address since it is in the DMZ. How can I access this website from our LAN?
 
You've probably already figured this out but, if not, since I'm unemployed and bored, I'll answer it anyway. I assume you're using a PIX, the DMZ you mentioned is connected to the PIX, the server has a private IP address that is translated to the address DNS resolves to and that your clients are using external DNS servers in their TCP/IP configs.

If my assumptions are correct then I have two solutions:

1) You could install an internal DNS that would respond locally with the private address of the webserver.

2) You could use the alias command.

Because the PIX doesn't support "hairpinning" or traffic coming in on one interface and going out the same interface, you have to have the DNS respond with the private address, not the global public address for your users.

Of course you have to have the proper translation and access-lists defined first or it won't work no matter what. You can and should check that before changing anything. Just replace the http server name with the actual private IP address of the webserver (i.e. If you can't browse to it then you'll need to properly define your NAT and Global statements from the inside to the DMZ.

The alias command gets around hairpinning by intercepting a particular DNS response and replacing the global public IP address with the private IP address for users.

Hope that helps.
 